Study finds API vulnerabilities continuing issue for digital brands

Default Image

Local File Inclusion attacks racked up 3.3 billion attempted attacks, and Cross-Site Scripting attacks racked up just over 1 billion attempted attacks.

These attacks highlight the continued vulnerability of digital APIs, which put many digital businesses at higher security risks. Other interesting findings from the report include:

• More than 1 billion credential stuffing attacks were attempted during single-day reporting periods in both January and May 2021
• US-based businesses were the top target for attacks, with nearly 6x more attempted attacks that the UK, which ranked at number two

“From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application,” said Steve Ragan, Akamai Security Researcher and author of the report. “API attacks are both underdetected and underreported when detected. While DDoS attacks and ransoms are are both major issues, attacks on APIs don’t receive the same level of attention. . .but that doesn’t mean they should be ignored.”

More data from Akamai’s State of the Internet report can be accessed here.



Kristina Knight is a freelance writer based in Ohio, United States. She began her career in radio and television broadcasting, focusing her energies on health and business reporting. After six years in the industry, Kristina branched out on her own. Since 2001, her articles have appeared in Family Delegate, Credit Union Business, and with Threshold Media.